How to Create a Backup Notification System in the Event an Unauthorized User Accesses Azure Sentinel

A request was made recently about how to prevent an unauthorized and elevated user account from getting access to Azure Sentinel. Essentially, the scenario is this: An environment was compromised. A compromised user account had elevated access. The compromised user account shut down monitoring (Azure Sentinel) so as not to be detected. I'm still working the full …

How to Evolve the SOC with Azure Sentinel: Analytics Rules Part 1

I kicked off this SOC evolution with Azure Sentinel series a few days ago with How to Evolve the SOC with Azure Sentinel: Hunting Queries. I'm not sure yet how many posts will ultimately be in this series, but like I do with SOC efficiency, I'll probably maintain this series going-forward to ensure we're always …

eBook Available for Managing Azure Sentinel with PowerShell

Just a quick heads-up post. A good buddy of mine and Microsoft MVP, Kaido Järvemets, hinted yesterday that he was putting together a guide for those just beginning to work with the new PowerShell module for Azure Sentinel. Details about the PowerShell module here: Official Azure Sentinel PowerShell Module Released – Azure Cloud & AI …

How to Evolve the SOC with Azure Sentinel: Hunting Queries

The evolution of the Security Operations Center (SOC) is important. This process is key to enabling your security teams and your security tools to work more efficiently and more intelligently. Without it your security operations become stagnant and incapable of addressing new threats. As you know, I spend a lot of time working with and …

Official Azure Sentinel PowerShell Module Released

On December 29th, when the rest of the world wasn't watching, the Microsoft team unleashed the first rev of a PowerShell module specifically for Azure Sentinel. You can find Az.SecurityInsights version 0.1.0 here: https://www.powershellgallery.com/packages/Az.SecurityInsights/0.1.0 I've been playing with it the last couple days when my wife isn't looking. I'm off until January 4th and have …

Azure Sentinel Learning Path Now Available

For those that want a good kickstart on learning Azure Sentinel over the holiday, Microsoft has recently finalized the full set of Learn modules. For the past couple months the only module available was an Introduction session, but now the following modules make up the full list: Introduction to Azure Sentinel; Deploy Azure Sentinel and connect …

Beginning in 2021 Shared Reports is Your Only Save Option for Azure Sentinel Workbooks

Saw this today when I was adding a new Workbook to my Azure Sentinel environment for a customer demo and thought it worthy to pass along. The ability to save workbooks as Private Workbooks is going away by early 2021. You will still be able to access your private workbooks but any edit or save …

Incident Settings Tab in Analytics Rules Wizard Comes out of Preview in Azure Sentinel

Just a quick heads-up for those that have been waiting for this to happen. The Incident Settings tab in the Analytics Rules creation/modification wizard came out of public preview this week, and its (Preview) tag is gone. I actually noticed it during a customer workshop session on Tuesday. Out of Preview. I'll follow up with some information about …

New Feature: Indicator to Show When New Analytics Rules are Available in Azure Sentinel

Over the past several days, our teams at Microsoft have worked feverishly to put together guidance and content to help customers impacted by the SolarWinds hack. Specific to Azure Sentinel, see: How to Use Azure Sentinel to Detect SolarWinds SUNBURST In addition to supplying Analytics Rules, a Workbook, and a Notebook for customers to deploy …

How to Use Azure Sentinel to Detect SolarWinds SUNBURST

The teams at Microsoft have been working over the past several days to put together some content for Azure Sentinel customers who may be affected by the recent SolarWinds ORION hack. UPDATE: After this original post, the Microsoft teams delivered a more comprehensive post and are continually updating it. See that here: SolarWinds Post-Compromise Hunting …